Transport Layer Security, TLS, is the standard protocol defined for securing traffic based on the Transport Control Protocol, TCP. The protocol starts by a handshaking procedure whereby a client terminal and a server terminal establish a TLS session and agree on session parameters, such as a common set of security parameters (e.g. keys and ciphering algorithms). The client terminal and the server terminal then use these session parameters to protect the application data sent between the client terminal and the server terminal.
Datagram Transport Layer Security, DTLS, is a protocol based on TLS that provides the same security functionality as TLS but for traffic based on User Datagram Protocol, UDP. An extension to DTLS has been developed, called DTLS-SRTP, which uses the established key to protect Real-time Transport protocol, RTP, data (e.g. audio/video) by using Secure Real-time Transport Protocol, SRTP.
TLS and DTLS-SRTP are often used to protect real-time peer-to-peer multimedia sessions established using Session Initiation Protocol, SIP. TLS can be used to protect e.g. a session established using Message Session Relay Protocol, MSRP and DTLS-SRTP can be used to protect an RTP audio or video session.
TLS (as well as DTLS and DTLS-SRTP) allows a session to be resumed or duplicated using the TLS session resumption or duplication feature. A client terminal can request a session to be resumed or duplicated by including the identifier of the session in the start of the TLS handshake procedure with a server terminal. If the server terminal has stored the session parameters and agrees to resume or duplicate the session, the server terminal and the client perform an abbreviated handshake procedure and then the client terminal and the server terminal can start to exchange application data protected using existing session parameters, such as keys. An abbreviated handshake, as opposed to a full handshake, increases performance as it involves fewer round-trips and less cryptographic computations. The TLS session resumption feature can be applied whenever a client terminal initiates multiple connections to the same server terminal.
To be able to use the TLS session resumption or duplication feature, the TLS client terminal must identify the session to be resumed. In client-server protocols, a session is typically identified at the client side using the IP address and port of the server host. However, this approach is not reliable as the IP address and port of a remote terminal often changes, especially in e.g. a peer-to-peer media session. The port of a remote terminal is typically an ephemeral one that is selected afresh for each new multimedia session. Additionally, the remote terminal may have multiple IP addresses which it switches between (due to e.g. cellular access and wireless local area network access). Also, the remote terminal may be behind a network address translation, NAT, which performs IP and port mapping. Therefore, it becomes increasingly important to find a solution for resumption or duplication of a secure session that solves these problems.